Exabeam announced a suite of enhancements to its Behavior Intelligence platform aimed at detecting, investigating, and mitigating risks from AI agents, autonomous workflows, and human‑to‑agent interactions. The update adds new detections, broader AI‑model coverage, OWASP‑aligned mapping, and an open‑source telemetry library called Observra, all intended to give security operations teams clearer visibility into agent activity.
New Detections and Coverage Across AI Models
The release doubles Exabeam’s AI‑focused detection coverage to 90% by introducing behavioral detections that target anomalous human‑to‑agent and autonomous agent activity. These detections flag suspicious prompt behavior, unusual tool‑invocation sequences, abnormal consumption patterns, unauthorized configuration changes, “Denial of Wallet” indicators, shadow AI activity, and other signs of misuse or compromise.
Visibility is also extended to five major AI platforms: Anthropic Claude, OpenAI ChatGPT, Google Gemini, Microsoft Copilot, and GitHub Copilot. By ingesting telemetry from these services, Exabeam helps organizations identify newly adopted tools, monitor usage patterns, and differentiate legitimate from risky agent behavior.
OWASP Alignment and Open‑Source Observra Library
Exabeam Outcomes Navigator now maps detections to the OWASP Top 10 for Agentic AI, giving teams a structured view of coverage gaps and guidance on where to prioritize additional content. This alignment enables security leaders to assess how existing rules address emerging AI risks and to plan remediation accordingly.
In parallel, Exabeam introduced Observra, an open‑source project and library that captures and normalizes agent telemetry across major frameworks. Observra enriches raw events with cost, redaction, deduplication, and risk signals before routing them to any security operations platform. The library is already integrated into Exabeam’s New‑Scale Platform to improve agent observability.
Platform Enhancements for SOC Efficiency
Beyond detection, the update adds several SOC‑focused improvements:
- Phishing email ingest that parses original messages and attachments, then groups cases by topic.
- Attack Surface Insights upgrades for entity health, identity linking, context freshness, and rule‑preview testing.
- New Cloud Collectors, custom REST API context collection, Site Collector health notifications, and Log Stream enhancements to streamline data onboarding and parser transparency.
- Dashboard authoring, biweekly reporting, and Global Search refinements to accelerate reporting and navigation.
Exabeam Nova’s Rules Creator now supports natural‑language rule creation and conversion from Sigma rules, while early‑access Nova Related Cases helps analysts surface shared entities and understand case relationships, reducing manual triage.
Key Takeaways
- New AI and agent‑related behavioral detections double total AI‑focused detection coverage to 90%.
- Exabeam now includes Anthropic Claude in its visibility stack, joining OpenAI ChatGPT, Google Gemini, Microsoft Copilot, and GitHub Copilot.
- The Observra open‑source library provides a normalized telemetry layer for agents, feeding enriched signals into Exabeam’s platform.
TechInsyte's Take
The expanded detection set and OWASP alignment give security teams concrete tools to monitor the growing footprint of AI agents without redesigning existing SOC processes. However, the effectiveness of these controls will depend on how quickly organizations can integrate Observra telemetry and map it to their own risk frameworks. Executives should watch for early adoption feedback and any updates to the OWASP Agentic AI Top 10 that could shift coverage priorities.
Source: Businesswire